Data-centric model key to cloud security
Data-centric model key to cloud security
As it becomes clear that cloud computing technology is here to stay, customers and vendors alike are making moves to secure their services and make the cloud safe for even sensitive data and applications. One approach that might serve both sides well is a data-centric model in which the information itself – rather than an endpoint – is protected.
Traditional data security models focus on protecting individual devices used to access information. Computers are armed with antivirus software, a firewall protects the network and various other tools are used to guard the perimeter. While this approach is effective to a degree, it does have its flaws.
For example, if an outsider with malicious intentions manages to bypass a network’s security measures, there would be little stopping him or her from stealing valuable information.
This threat is especially prevalent with cloud computing. With information being stored on a third-party server, a business using the cloud has less direct control over its data than ever. And though cloud providers are generally able to dedicate more time and expertise to security than the average company, those resources can be used most effectively in a data-centric model.
A recent ITWorld report highlighted several of the shortcomings of cloud security. For one, many businesses fail to assess the data security measures and policies employed by cloud vendors. This can lead to several issues, including regulatory compliance concerns about the geographic location of data in the cloud and the credentials of the provider hosting the services.
Citing figures from a CompTIA report, ITWorld pointed out that half of surveyed cloud users actually assess the geolocation of a provider’s data centers, and only slightly more than half look into the regulatory compliance of the cloud vendor.
This can lead to data security issues down the line. If a business relies on a cloud service to store sensitive customer information or important corporate records, it will not be the cloud provider that feels the backlash should such data be breached. The burden ultimately falls on the shoulders of the user to ensure information is adequately protected.
A data-centric model removes much of this vulnerability. If the data itself is protected, then it will still be safe even if a cloud provider’s systems are breached and information is stolen.
A recent InformationWeek report echoed this notion, adding that encryption is the first step to building an effective data-centric security model.
According to InformationWeek’s Data Encryption: Ushering in a New Era study, “encryption is enabling the ideal of anywhere, anytime access to company data, and it’s starting to be baked in to all types of IT products.”
The study, which based results off a survey of more than 500 business technology decision-makers, found that only 33 percent of respondents have implemented encryption on the database level, and 47 percent have encrypted data stored on mobile devices.
Michael Davis, the report’s author, asserted that these figures are somewhat worrying. Though it is evident that more companies are using encryption and ushering in a more data-centric approach to security, the slow adoption rate means that many are leaving themselves vulnerable.
“Everyone knows that when the you-know-what hits the fan, it’s the self-sufficient who survive, for a while anyway,” Davis wrote. “By bringing core encryption-related capabilities in-house and being very selective about outside partners, you get closer to full control. Autonomous and selective beats dependent and vulnerable every time.”
Davis noted that data-centric security is not without its flaws. Many legacy security systems do not support encryption, and businesses often have trouble calculating a return on investment for such an approach. However, as more companies implement the cloud as a major IT resource, data-centric security must become more prevalent to ensure that data is protected no matter where it is accessed from and on what device it is viewed.
Cloud Security News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
- Desktop virtualization can enhance security performance
- Cybersecurity cooperation becoming military necessity
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet